7687 matches found
Denial Of Service (DoS) Via Infinite Loop
tomcat-coyote is vulnerable to denial of service (DoS) attacks. The vulnerability is a result of backporting a fix for CVE-2016-6816 but not backporting the fix for the Tomcat bug 57544 which fails to handle an exceptional condition check for pos while processing HTTPS requests in the Apache Tomcat...
Yelp: One of the yelp.com URLs is redirecting to a domain which is not yet purchased
One of the yelp.com URLs is redirecting to a domain which is not yet purchased, so anyone could buy that domain and host any stuff which yelp.com does not support. A malicious user can take advantage of this and send the link to users, and people will think it is a secured domain as the link originates from yelp.co...
Lyst: Mixed Active content issue on https://www.lyst.com
An erroneous conditional comment for Internet Explorer browsers lower than version 9 was causing an attempted load of an insecure, non-existent JavaScript file over certain HTTPS requests from www.lyst.com. Although the targeted browser sessions were very low in number, the request could still...
CVE-2017-6056
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...
Design/Logic Flaw
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...
CVE-2017-6056
Technical details for CVE-2017-6056 (affected product, root cause, impact and fixes) are not provided in the connected documents; monitor for updates.
CVE-2017-6056
Removed by vendor...
bmw.ru XSS vulnerability
Vulnerable URL: http://www.bmw.ru/ru/publicPools/search-results/search-results.htmleyJxIjoiJTIyJTNFJTNDaW1nJTIwc3JjJTNEeCUyMG9uZXJyb3IlM0Rwcm9tcHQoJTJGT1BFTkJVR0JPVU5UWSUyRiklM0UifQ==
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS...
wafpass - WAF Security Benchmark
Debian DLA-823-2 : tomcat7 regression update
The update for tomcat7 issued as DLA-823-1 caused the server to return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original advisory text follows. It was discovered that a programming error in the processing of...
[SECURITY] [DLA 823-1] tomcat7 security update
Package: tomcat7
Version: 7.0.28-4+deb7u10
CVE ID: not yet available
Debian Bug: 854551
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. For Debian 7 "Wheezy", these...
Geutebrueck GCore - GCoreServer.exe Buffer Overflow RCE
This module exploits a stack Buffer Overflow in the GCore server GCoreServer.exe. The vulnerable webserver is running on Port 13003 and Port 13004, does not require authentication and affects all versions from 2003 till July 2016 Version 1.4.YYYYY. This module requires Metasploit:...
Debian DSA-3788-1 : tomcat8 - security update
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Debian DSA-3787-1 : tomcat7 - security update
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
[SECURITY] [DSA 3788-1] tomcat8 security update
Debian Security Advisory DSA-3788-1 (https://www.debian.org/security/), Moritz Muehlenhoff, February 13, 2017 (https://www.debian.org/security/faq) ...
[SECURITY] [DSA 3787-1] tomcat7 security update
Debian Security Advisory DSA-3787-1 (https://www.debian.org/security/), Moritz Muehlenhoff, February 13, 2017 (https://www.debian.org/security/faq) ...
WAF Security Benchmark: WAFPASS
WAFPASS: Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However, these security applications suffer...
Debian Security Advisory DSA 3788-1 (tomcat8 - security update)
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. OpenVAS Vulnerability Test $Id: deb3788.nasl 8972 2018-02-28 07:02:10Z cfischer $ Auto-generated from advisory DSA 3788-...